Profiling and Detecting Malicious DNS Traffic

Aug. 21, 2024, 1:29 p.m.

Description

To improve our detection of suspicious network activity, we developed a deep learning method to profile and detect malicious DNS traffic patterns. Based on these DNS profiles, we implemented multiple detection modules designed to identify suspicious domains from different perspectives. We explored how these DNS traffic patterns correlate with specific types of cyberattacks through various case studies. Our detector captured 170 emerging suspicious domains in May 2024, blocking approximately 374,000 malicious DNS requests every day.

External References

https://unit42.paloaltonetworks.com/profiling-detecting-malicious-dns-traffic/
https://otx.alienvault.com/pulse/66c5e6a81df440d407e7dbba
Tags
dns
2024-08-21

Date

  • Created: Aug. 21, 2024, 1:07 p.m.
  • Published: Aug. 21, 2024, 1:07 p.m.
  • Modified: Aug. 21, 2024, 1:29 p.m.

Indicators

  • carollewis.network
  • pococo.cc
  • robotatten.com
  • comcadt.net
  • biillpi.com
Download all indicators here!

Attack Patterns